36247-vm/order_tests.php

<?php
require_once 'auth.php';
require_role('doctor');
require_once 'db/config.php';

header('Content-Type: application/json');
$response = ['success' => false, 'message' => 'Invalid request.'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $visit_id = $_POST['visit_id'] ?? null;
    $lab_tests = $_POST['lab_tests'] ?? [];
    $imaging_tests = $_POST['imaging_tests'] ?? [];

    if ($visit_id && (!empty($lab_tests) || !empty($imaging_tests))) {
        try {
            $pdo = db();
            $pdo->beginTransaction();

            $stmt = $pdo->prepare("INSERT INTO ordered_tests (visit_id, test_type, test_id) VALUES (?, ?, ?)");

            foreach ($lab_tests as $test_id) {
                $stmt->execute([$visit_id, 'lab', $test_id]);
            }

            foreach ($imaging_tests as $test_id) {
                $stmt->execute([$visit_id, 'imaging', $test_id]);
            }

            $pdo->commit();
            $response = ['success' => true, 'message' => 'Tests ordered successfully.'];

        } catch (PDOException $e) {
            $pdo->rollBack();
            $response['message'] = 'Database error: ' . $e->getMessage();
        }
    } else {
        $response['message'] = 'Missing visit ID or no tests selected.';
    }
}

echo json_encode($response);
?>